VDB

CVE-2026-3548

CVE-2026-3548 PUBLISHED CVSS 7.199999809265137 HIGH

Two buffer overflow vulnerabilities existed in the wolfSSL CRL parser when parsing CRL numbers: a heap-based buffer overflow could occur when improperly storing the CRL number as a hexadecimal string, and a stack-based overflow for sufficiently sized CRL numbers. With appropriately crafted CRLs, either of these out of bound writes could be triggered. Note this only affects builds that specifically enable CRL support, and the user would need to load a CRL from an untrusted source.

EPSS 0.03% · 10.7th percentile

Risk Scores

CVSS v4.0
7.199999809265137
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U
EPSS Score
0.03%
10.7th percentile

Affected Products

VendorProductVersions
wolfSSLwolfSSL0, 0, 0

Timeline

  • Mar 19, 2026 CVE Published
  • Mar 19, 2026 CVE Updated
  • Mar 20, 2026 EPSS Score
  • Mar 20, 2026 Coalition ESS Score
  • Mar 21, 2026 EPSS Score
  • Mar 21, 2026 Coalition ESS Score
  • Mar 22, 2026 EPSS Score
  • Mar 23, 2026 EPSS Score
  • Mar 24, 2026 EPSS Score
  • Mar 25, 2026 EPSS Score
  • Mar 29, 2026 Security Advisory
  • May 18, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›